19-year-old WinRAR vulnerability lets hackers infect computers with malware
March 29, 2019
Kaspersky Lab has announced that a critical security vulnerability that was present in every version of WinRAR released in the last 19 years allowed hackers to inject malware into computers by creating malicious RAR archives.
The flaw, which persisted for almost two decades, has finally been fixed. The only version of WinRAR that does not contain it is the latest version, 5.70, which users can download from the official WinRAR website.
"The security flaw enables hijackers to create malicious RAR archives. As soon as this archive is unpacked, a malicious executable file is silently extracted into the Startup folder. On the next reboot this file will be automatically launched, thus infecting your computer with whatever payload the file contains.
"To pass undetected even by the most cautious of us, the malefactors usually give this EXE file very innocent-looking names, such as GoogleUpdate.exe," the security firm noted.
To get unsuspecting people to open malicious RAR archives, cyber criminals use lures such as job offers, adult images, and alerts about impending terrorist attacks. As such, the only way to prevent hackers from injecting malware into your computer is to stop opening WinRAR archives emailed to you by unknown senders.
Considering that modern malware can execute a wide variety of malicious tasks such as data exfiltration, credential-stealing, gaining remote access, or encrypting data stored in infected systems, opening malicious WinRAR files can expose millions of users to a range of threats that could seriously impact their privacy and data security.
"A recent report by Check Point Software revealed a potential security vulnerability in the UNACEV2.DLL library, which was used in former versions of WinRAR to decompress ACE archives. There haven't been any reported attacks so far, but to provide WinRAR users with a stable and clean version, the final version of WinRAR 5.70 has been released.
"Since UNACEV2.DLL had not been updated since 2005 and access to its source code is not available, the decision was made to drop ACE archive support starting with WinRAR 5.70. Now, after the launch of the final and stable version of WinRAR 5.70, upgrading immediately to the new 5.70 version is highly recommended," win.rar GmbH said.
"To users who are not interested in an upgrade or who don't find a localized version of WinRAR 5.70 yet, win.rar GmbH’s advice is to delete the UNACEV2.DLL file from their current WinRAR version to be reliably protected again. All users of WinRAR 5.10 or any newer version can find the UNACEV2.DLL file in the WinRAR program folder. WinRAR users of versions older than 5.10, can find the UNACEV2.DLL file in the Formats subfolder of the WinRAR program," it added.
Jay Jay is a freelance technology writer for teiss. He has previously written news articles, device reviews and features for Mobile Choice UK website and magazine, as well as writing extensively for SC Magazine UK, Tech Radar, Indian Express, and Android Headlines.